All security alerts are published on http://www.kde.org/info/security/.

All security alerts are published on http://www.kde.org/info/security/.

−

KDE developers that want to join [mailto:security@kde.org security@kde.org] can send a motivated request to [mailto:security@kde.org security@kde.org]. Applications will be evaluated on a case by case basis by the current members. The main criteria is the extent to which someone can be helpful in excuting the security policy as described here. That includes a willingness not to disclose issues prematurely.

+

KDE developers that want to join [mailto:security@kde.org security@kde.org] can send a motivated request to [mailto:security@kde.org security@kde.org]. Applications will be evaluated on a case by case basis by the current members. The main criteria is the extent to which someone can be helpful in executing the security policy as described here. That includes a willingness not to disclose issues prematurely.

+

+

[[Category:Policies]]
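
Review bot: The corrected paragraph still reads "The main criteria is", which pairs a plural noun with a singular verb; since this edit already touches the sentence to fix "excuting", change it to "The main criterion is" in the same revision. "case by case basis" in the preceding sentence should also be hyphenated as "case-by-case basis".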

Revision as of 19:12, 29 May 2012

This policy describes how security-related issues are handled after they have been reported to security@kde.org.

Issues that are brought to the attention of security@kde.org are handled discreetly. The issue will be verified and the author/maintainer of the affected code will usually be contacted. If the issue is indeed considered to be a problem, the need for an immediate fix is assessed. The security team will also notify affected parties that are known to reuse the affected code.

If a fix is considered necessary, KDE release coordinators are contacted, and KDE vendor packagers, Linux distributors and other prenotification mailing lists are informed once a fix is available that has passed review on security@kde.org. We then give them a reasonable amount of time to prepare binary packages. After that time we issue a security alert via dot.kde.org, bugtraq and kde-announce@kde.org. Patches in source form and any available updated binaries are published at the same time.

KDE developers who want to join security@kde.org can send a motivated request to security@kde.org. Applications will be evaluated on a case-by-case basis by the current members. The main criterion is the extent to which someone can be helpful in executing the security policy as described here. That includes a willingness not to disclose issues prematurely.